Is Lion Server suitable for home use? Ars investigates

Apple bills OS X Lion Server as a product for "everyone"—but one of our …

Jorge Herskovic, a member of our community, wrote up a detailed account of his own experience working with OS X Lion Server for the benefit of our Mac forum readers. We asked Herskovic to expand on his thoughts a bit and share them with the rest of us; he graciously agreed. Here's one computer geek's experience with trying to govern his home Apple gadgets with Lion Server.

First, two confessions: I am a huge Apple fan. I am typing this on my 27” iMac, which sits under a painting of the old rainbow Apple logo in my home office. I own six Macs (four at home, two at work), my wife and I have iPhones, I have an old iPod I use as a car jukebox, and I have an iPad, an Airport Extreme, an Apple TV, and an Apple TV 2. I’ve been to the Apple campus in Cupertino more than once—and I live in Texas. Heck, I’m wearing an Apple T-shirt as I write this. I’m a drooling Apple fanboi.

I'm also a UNIX-loving geek. My first Linux install was Slackware… from a stack of floppy disks, in 1993. I’m competent enough not to shoot myself in the foot too badly. I have owned and managed Linux machines before, still keep a Linux VM on my Macs, and have root to several Important Linux Servers at work. I’ve run mission-critical systems on Linux for more than one company.

My current home network, though, is all Apple, all the time. Until a few days ago, I was content enough to manage each machine individually. I used a few well-known tweaks to enable some server behavior; for example, I used the “format a sparsebundle” trick to let my wife’s MacBook Pro back up to a drive on my main machine. I also used this guide to enable the VPN server that ships with OS X; I use the VPN to provide a secure connection for notebooks and iPhones on untrusted networks.

A few days ago, my wife’s backups stopped working (again) and my kludgy VPN failed (again). Both were regular occurrences. Faced with the prospect of fixing hacky backups that were never a good idea in the first place, some free time for the holidays, and the desire to tinker with more technology, I gave Apple $49.99+tax and downloaded Lion Server. My main interests were the VPN and network backups, but I also found centralizing the management of all my Apple junk attractive. At its lowest price ever, Lion Server is priced attractively for a home user with a small network. Apple is clearly aware of this, as the Lion Server page on apple.com proclaims that Lion is “The Server for Everyone”.

So follow along as I bumble my way through setting up Lion Server. I’ll try to test Apple’s claim: is Lion Server really a good product for everyone?

The purchase and installation process

Like Lion Client, you purchase Lion Server from the Mac App Store. I purchased mine from a mid-2010 27” iMac running 10.7.2. The download was only 15 MB, but that is deceptive. What you get is an installer that downloads and installs more software. After approximately half an hour, the installer declared victory and I was greeted by my new friend, the Server app (new in OS X Lion Server).

Initial configuration

The first thing that Lion Server really, really wants you to do is set a hostname for your machine and get an SSL certificate. While iMac.local had served me well, this wouldn’t do for a server. I therefore created a subdomain of my main domain as a CNAME record and pointed it to a dynamic DNS hostname I use to actually reach my home network. I then created a legitimate SSL certificate using startcom’s awesome free SSL certificate service. This was as straightforward as creating an SSL certificate gets (not very, but doable). With my shiny certificate installed, I set forth to explore my new server.

My first obvious question was: what has changed? Judging by the lack of a reboot, not a whole lot. I clearly didn’t get the super-sekrit server kernel. Did I earn, at least, a “server” badge somewhere for my $50? “About this Mac” doesn’t look promising:

The “more info” box yielded an upgraded string. Woohoo! I have a Server!

After this Very Important Verification, I turned to the most important task at hand: FIX THE WIFE’S BACKUPS. My wife runs a successful Spanish-language cooking blog out of her Macbook Pro. Her backups are mission-critical, and the key to peace in our household. Flick the switch on the Time Machine panel, select the backup drive (Lion Server complains when using a USB drive, but will let you do it), and done:

My wife could see the new backup drive on her machine’s Time Machine Preference Pane. She clicked on it, entered her username and password for the now-server, and her backup started immediately.

So far, so good. This is what an Apple product is supposed to be. Easy, and it Just Works™.

For the sake of completeness, I tried pointing Time Machine Server to an NFS share and a CIFS share. Just like Lion Client, it wouldn’t let me use network volumes as a backup destination. And just like Lion Client,

will make those drives visible to Time Machine Server. Obviously, I do not recommend using unsupported backup volumes. Backup is a great place to be boring and conservative. But if you want to do it, you can.

Now on to fix the VPN. I deleted my old handmade configuration file and went to the VPN control panel. It’s tremendously simple. Although I can promise that I have a Shared Secret, Lion Server refuses to acknowledge that. Devices still need it to connect, so it’s there. It just doesn’t want to be seen. No, clicking “Show shared secret” doesn’t bring it back.

I had problems with DHCP allocations on my network before (my AT&T modem/router is the designated DHCP server and tends to forget its assigned range), and I wanted to fix them. I decided to use my new OS X server to provide DHCP services to the rest of my little network. But… I couldn’t find the DHCP server configuration anywhere.

But wait! There’s more… installation!

Here’s where Anandtech’s gigantic OS X Lion Server review and this handy We Got Served guide to OS X Lion in the home come in. As it turns out, Server.app is not the whole story; it only allows you to configure some services. For the rest, you need the Server Admin Tools from Apple’s website. Why aren’t these part of the standard Lion Server install? Perhaps Apple considers them too advanced for the average Lion Server user; I don’t know. I downloaded and installed them, but they were outdated; I was greeted by an update prompt immediately. Another 200MB later, I had the latest and greatest version of Server Admin Tools.

Get used to the three icons clogging your Dock, because you’ll need all three to perform some tasks. Worse, their functionality overlaps partially; you can perform some tasks, or part of a task in either program (I’m looking at you, Users pane in Server.app) but to complete it you’ll need to move back and forth.

In general, the split is this: you can access a basic configuration for most, but not all, services from Server.app. More in-depth settings, or settings for less frequently used services, are available in Server Admin. Some user settings are available from Server.app, but to get down to the nitty-gritty of Open Directory you need Workgroup Admin.

Open Directory

Open Directory is Apple’s version of LDAP, and its answer to Microsoft’s Active Directory. I don’t really need Open Directory… but centralizing user account management would certainly be nice. Apple’s Server.app can create accounts on Open Directory, but you need to start it using Server Admin first. I couldn’t find this anywhere in Apple’s documentation, which is (sadly) a theme we’ll revisit frequently.

Further, to connect Server.app to the Open Directory server, you need to figure out that the menu option for Importing network user accounts is actually where you specify the connection.

Open Directory runs under its own username (diradmin, by default) as a security measure. Workgroup admin requires diradmin privileges to make any meaningful changes to the Directory, as it should. The Workgroup Manager application itself is, sadly, confusing and buggy. For example, I tried to create a computer account. I changed my mind and deleted it… only to have Workgroup Manager get stuck on a zombie delete prompt after the account was gone.

If there’s a way to migrate existing local accounts on the server to Open Directory, I haven’t found it either. Apple’s documentation was no help, but I suspect that there isn’t a way. I wanted to set up network home directories tied to Open Directory accounts for everyone, but it’s clearly not going to happen any time soon.

130 Reader Comments

It seems strange that Apple took a (presumably) decently-functional setup from past versions of OSX Server and turned it into a mess. I know that the enterprise isn't Apple's focus (due largely to Microsoft's nigh-unassailable entrenchment there), but screwing up something you got right previously is downright odd. You'd think that the least they could do, if they're apathetic to the whole platform, is just leave it alone.

Nice article, by the way. It was well-written, and I could feel the author's frustration. It makes me want to go to work tomorrow and hug the fifty-seven (clearly delineated) tools I use to administer our 2K8R2/AD/Exchange setup.

had to nuke the Apache configuration directory (after backing it up) and let OS X Server create all-new config files. The new configuration didn’t work with Profile Manager. The magic URL rewrite rules weren’t in place and just returned 404 errors. Moving the old “bad” configuration files back to the /etc/apache2/sites directory fixed everything, and now it works.

That's my experience with OSX Server (all versions). Things that break for no reason, then need to be solved through byzantine ways, documentation that would better be left as a Tech Support script, and brittle, brittle, brittle.

Why is Ars doing a review of Lion Server rather than a review of RHEL? No one uses Lion Server except for the author for his server. He is an Apple fan boy and he admits to that. Why doesn't a more relevant article on server software like RHEL, BSD or Debian come up on Ars? Useless article...

I've worked as a sysadmin for OS X environments before, and at the end of the day your life is a lot simpler if you just treat it like a unix system, and use Apple's tools (like AppleScript or XCode) for everything where you need to interact with Mac specific stuff. Don't try to avoid the command line; it's often necessary for doing even trivial tasks.

OS X server has kind of a weird niche; it's effectively a commercial Unix system, but it is often marketed at smaller organizations who are less likely to benefit from such a system because a good unix admin can be expensive. I also can't say most of those organizations wouldn't be better served from something like Windows Small Business Server. I honestly wouldn't be surprised to see Apple axe OS X server soon.

Reminds me of the first and only Mac server I had to deal with. Set it up on the test bench and just wanted to run MySQL. MySQL would crash as soon as you started it. Turns out that on a Mac, MySQL requires the server name to be resolvable through DNS. I hadn't put it in DNS as I was on a test network. Never seen MySQL configured that way before or since.

Why is Ars doing a review of Lion Server rather than a review of RHEL? No one uses Lion Server except for the author for his server. He is an Apple fan boy and he admits to that. Why doesn't a more relevant article on server software like RHEL, BSD or Debian come up on Ars? Useless article...

I have known a couple IRL "apple fanboys" who made the mistake of purchasing OS X Server, thinking it was some sort of streamlined Apple-like easy-to-use SOHO oriented product, when in reality it isn't. So this article is a good public service announcement.

However, I would also like to see more in-depth reviews of things like RHEL.

Finished the article, and it all seemed VERY familiar. Reiterating my "HELL. NO." on home use of Server, and I'm glad to know I'm not alone in despising this thing.

Lion Server is one of the most atrocious, buggy, poorly-designed pieces of **** I've ever seen out of Apple. It's fragile, breaking easily. Error messages and help are near-nonexistent. It's trivial to get it into states where the management tools stop working (that is, if they don't spin lock or crash on their own!). Server.app is near-worthless in its misguided "simplicity", whereas the previously excellent Server Admin.app has been neutered into near worthlessness.

I've personally run into the same issues with certificates, where a minor issue in one part of the server will mysteriously break another part of the server - with no error messages, documentation, or anything to help you. Just dive into Console when you click a button and see what spits out. And eventually figure it out (maybe) with Google.

Apache is similarly brittle. Don't expect to use any knowledge of Apache on this system, as the first time you so much as glance at the config files, Server.app will throw "Error Reading Settings" and you can kiss any GUI management goodbye. You might think this a good thing (given the lack of quality in the GUI), but since Apache is critical infrastructure for half of OS X Server (Profile Manager, Calendar sharing, Address Book sharing, etc), you might think twice about it. Which means you're going to use Apache in the limited way Apple wants you to, and like it. Except for the like it part.

In short, it's a good thing this is cheap, because it's just not worth much of anything. It's too fragile and error-prone to use in a home setup, and it's far too limited to use it anywhere else. I've regretted buying it ever since, and that's for extremely light duties.

Most of the tasks that OS X Server can do I'm already doing with a standalone Ubuntu server, but the stuff about being able to create & push iOS device profiles is downright awesome, and I had no idea that was in there. That seems like an absolute killer feature for a household full of geeks.

Sad that you came to the same conclusion that I did about how there's no way to transform scattered local accounts into centralized domain accounts; that also would seem to be a killer (but absent) feature, rather like the local-to-domain account migration tool you get with MS SBS. I'd love to be able to set up an OS X Server OpenDirectory and kick my accounts and my wife's accounts up into it, eliminating all local accounts on all the Macs in the house, but without an automated method it's just too much gruntwork with too little payoff.

Mac OS X Server has always been of the greatest value if you're dealing with a number of Macs themselves. Stuff like NetBoot, mobile/network homes, local SUS and so forth are all super helpful and worked quite well. Its value starts to fade significantly for any situation outside of that, due to a number of factors from poorly targeted hardware to Apple's major indifference to the software.

Lion Server itself is a weird hodgepodge. It most strongly feels like a transition between two actual designed products: 10.6 Server, and a theoretical 10.8 that Apple is aiming for down the road. It has an incredibly oddly broken up UI, significantly worse than in previous versions. Useful GUI features seem to have gone missing or mutated heavily in not-entirely good ways. Whether Apple actually will come out the other side though with something better is up for debate given their historical slipshod approach and seeming institutional indifference to the market. It has often sort of felt like it was struggling on with some good but small internal teams fighting into the face of heavy winds.

I don't know if Apple's mantra will pay off here or not. Almost by definition a server product and a dedicated computer to run it is not something a typical user will ever consider. There seems to be a real danger that Apple is trying to drive more specialized products into the mainstream when there isn't actually any mainstream use case, thus alienating existing users while simultaneously failing to make something better. We'll see with 10.8 though.

Why is Ars doing a review of Lion Server rather than a review of RHEL? No one uses Lion Server except for the author for his server. He is an Apple fan boy and he admits to that. Why doesn't a more relevant article on server software like RHEL, BSD or Debian come up on Ars? Useless article...

Please go read the intro to the article, it seems as if you missed it. That answers your questions.

Server.app is near-worthless in its misguided "simplicity", whereas the previously excellent Server Admin.app has been neutered into near worthlessness.

Yeah, this is the exact issue. Some problem spaces simply do not map well onto "simplicity", end of story. Trying to do both ends up with something that's mediocre at best all around.

I would have no problem with Server.app, if it was entirely optional. In other words, if you could use Server Admin to do actual work. Sadly, Apple seems to have decided that Server.app is the One True Way from now on, so you can't use Server Admin.

Finished the article, and it all seemed VERY familiar. Reiterating my "HELL. NO." on home use of Server, and I'm glad to know I'm not alone in despising this thing.

Lion Server is one of the most atrocious, buggy, poorly-designed pieces of **** I've ever seen out of Apple. It's fragile, breaking easily. Error messages and help are near-nonexistent. It's trivial to get it into states where the management tools stop working (that is, if they don't spin lock or crash on their own!). Server.app is near-worthless in its misguided "simplicity", whereas the previously excellent Server Admin.app has been neutered into near worthlessness.

I've personally run into the same issues with certificates, where a minor issue in one part of the server will mysteriously break another part of the server - with no error messages, documentation, or anything to help you. Just dive into Console when you click a button and see what spits out. And eventually figure it out (maybe) with Google.

Apache is similarly brittle. Don't expect to use any knowledge of Apache on this system, as the first time you so much as glance at the config files, Server.app will throw "Error Reading Settings" and you can kiss any GUI management goodbye. You might think this a good thing (given the lack of quality in the GUI), but since Apache is critical infrastructure for half of OS X Server (Profile Manager, Calendar sharing, Address Book sharing, etc), you might think twice about it. Which means you're going to use Apache in the limited way Apple wants you to, and like it. Except for the like it part.

In short, it's a good thing this is cheap, because it's just not worth much of anything. It's too fragile and error-prone to use in a home setup, and it's far too limited to use it anywhere else. I've regretted buying it ever since, and that's for extremely light duties.

Kinda sad. When apple stuff works, it's great. When it doesn't, you basically are screwed.

Was impressed with the new integration of ibooks when clicking on epub links.

Why is Ars doing a review of Lion Server rather than a review of RHEL? No one uses Lion Server except for the author for his server. He is an Apple fan boy and he admits to that. Why doesn't a more relevant article on server software like RHEL, BSD or Debian come up on Ars? Useless article...

Please go read the intro to the article, it seems as if you missed it. That answers your questions.

I would have no problem with Server.app, if it was entirely optional. In other words, if you could use Server Admin to do actual work. Sadly, Apple seems to have decided that Server.app is the One True Way from now on, so you can't use Server Admin.

Exactly! Improve Server.app a bit to make it usable as the only tool for small home setups that want it, and restore Server Admin.app to being the "Pro" way of configuring all of the nitty-gritty. Since everything is going through an underlying serveradmin CLI anyhow, it would seem trivial to provide multiple GUI front-ends, each optimized for a different purpose.

Right now, it's an incredible wasted opportunity. People (like me) are going to spend their $50 and walk off in disgust, either to Linux or Windows Home Server (I'm sticking with Lion Server, although more due to lack of options than any love for the product). Whatever happened to Apple waiting until they got something right before they release it?

Why is Ars doing a review of Lion Server rather than a review of RHEL? No one uses Lion Server except for the author for his server. He is an Apple fan boy and he admits to that. Why doesn't a more relevant article on server software like RHEL, BSD or Debian come up on Ars? Useless article...

Please go read the intro to the article, it seems as if you missed it. That answers your questions.

This outcome is disappointing. I hadn't been thinking about it too heavily, but the idea of adding server to a system and managing what is soon to be a burgeoning Apple environment here at home was nice. Currently we have a Mac Mini and an iPad. By this spring we will be adding 2 laptops (or 1 laptop and 1 iMac, not sure yet), 2 iPad 3's and 2 iPhones to the mix. My kids (6 1/2 and 4 yr old girls by then) will be inheriting that original iPad. They do an excellent job using it around the house in the Apple iPad case. Very damage resistant and we drilled the careful angle into them from the get-go heh.

You mentioned at the end that a centrally planned OS X environment from scratch might be a good fit tho. I have no experience managing networks other than basic network setup on my router. Pondering the Airport Extreme too tho, especially if they upgrade it and the new Macs to 802.11 ac.

I suppose iOS happened. OS X app development at Apple seems to be at a slightly lower priority at the moment.

It's certainly a bit more frustrating to configure as opposed to Snow Leopard Server (perfection), but once you get your server configuration right, it practically shines. I can't do without Open Directory and AFP works alright once you're done (though I miss the AFP features they decided to hide).

I'm willing to bet a lot of the features we want from AFP (which we'd look for in Server Admin) have receded back into the CLI. In fact, a lot of features in OS X Server have, haven't they? Doesn't that defeat the point?

This outcome is disappointing. I hadn't been thinking about it too heavily, but the idea of adding server to a system and managing what is soon to be a burgeoning Apple environment here at home was nice. Currently we have a Mac Mini and an iPad. By this spring we will be adding 2 laptops (or 1 laptop and 1 iMac, not sure yet), 2 iPad 3's and 2 iPhones to the mix. My kids (6 1/2 and 4 yr old girls by then) will be inheriting that original iPad. They do an excellent job using it around the house in the Apple iPad case. Very damage resistant and we drilled the careful angle into them from the get-go heh.

You mentioned at the end that a centrally planned OS X environment from scratch might be a good fit tho. I have no experience managing networks other than basic network setup on my router. Pondering the Airport Extreme too tho, especially if they upgrade it and the new Macs to 802.11 ac.

Server.app might fit the bill for this, if your needs are very simple. If you start with new accounts hosted on Open Directory from the beginning, it'd be IMHO a lot better.

Server.app might fit the bill for this, if your needs are very simple. If you start with new accounts hosted on Open Directory from the beginning, it'd be IMHO a lot better.

Probably managing the iPads and iPhones, I need to find an enclosure I can stick the 2 2TB drives (picked them up cheap last April and never ended up using them in my PC) I have sitting around in, then hook them up to the Airport Extreme so they're easily reachable by the network. I've heard of corruption problems from people talking about external drives and their Macs going into sleep mode, so I figured setting it up from the USB port on the Airport Extreme might get around that.

I haven't started messing around w/the iCloud features yet and I have over 25GB of music and a bunch of movies and TV shows I'd like to make more central and easily accessed by everyone. Nothing too extreme, we're just dropping my wife's Win7 system and going all Mac b/c we like it and hey, we have tax money to use

I'm surprised there hasn't been mention of Lion Server's awful natd and dhcpd.

Apple apparently rewrote natd for 10.7, but they broke it. The gateway network setup wizard completes successfully, but any machines behind the server will not have internet access. It turns out you must use 192.168.2.x for the internal network.

DHCP worked at first, but broke after the latest update. If you try to modify the subnets, it will ask you to save and restart. It decided to shutdown only instead. When you start it up manually, it erases all of your subnets.

Lion Server is a half baked piece of trash with a horrible UI, virtually no documentation or support, and many of its services eventually break or didn't even work in the first place.

I've had a Mac OS X server set up at home for years now. Mostly to provide FTP services for the wife. I bought a Mac Mini Server to move off the box I was running it on and to get a look at Lion Server. Quickly discovered that FTP server was no longer supported. Oh, the server software was still there, it's just that you can't use any of the schizophrenic admin tools to enable and configure it. You have to use the command line.

It's obvious to me that Lion Server is an interim release. I think apple has had a hard time finding a niche for their server products, and with Lion they are (again) looking for a reason for people to buy it. And device management is this week's raison d'être. Last week it was automating Podcasts. The week before that it was desktop client management.

I think Apple has plans for the server product beyond Lion, and they intend to address details like consolidating the user interface by moving to a different model (probably web app based) that's more in keeping with future plans. But until they have the bugs ironed out of the core services (and stop re-inventing its purpose with every release) we likely won't see real improvement on the ease-of-use front.

Well anyone wanting apple to fix OSx server should just sit back and relax... When I was an admin for a Mac environment, we started with 10.0 and then .1, etc... All had issues. Could not add more than 20 printers before the print queue stopped, dhcp would randomly stop assigning addresses, managed services did not work until 10.5 or 10.6. Open directory finally started to work OK at 10.5, but managing thousands of users VIA the GUI was like stabbing your eyes with toothpicks... The server management apps are just a mess, and have been since MacManager on OS9... and surprise - they look the same

I don't think I would ever touch a Mac server anymore... just too frustrating...

Why is Ars doing a review of Lion Server rather than a review of RHEL? No one uses Lion Server except for the author for his server. He is an Apple fan boy and he admits to that. Why doesn't a more relevant article on server software like RHEL, BSD or Debian come up on Ars? Useless article...

OS X server has kind of a weird niche; it's effectively a commercial Unix system, but it is often marketed at smaller organizations who are less likely to benefit from such a system because a good unix admin can be expensive. I also can't say most of those organizations wouldn't be better served from something like Windows Small Business Server. I honestly wouldn't be surprised to see Apple axe OS X server soon.

Best guess, it will stick around as some kind of in office device policy manager (as seen in the latter half of the article). Basically it will be some imac or mac mini sitting in the corner of the sysadmin office, handing the backups and profiles of the executive ipad fleet.

It's a shame, I think a product like this (if it wasn't so much trouble) would be very cool for some of the folks with a bunch of apple devices on their network. Personally I don't own any, but reading about some of the stuff you could (in theory) do without having sysadmin IT training is pretty nifty. On the plus side, at least they weren't trying to charge an arm and a leg for it.

Great timing, was just considering purchasing a mac mini and Lion server for our home network. We don't even need access to our network from the 'net, but do want better options for configuration than the current router provides. Windows server is priced out of the home market, and although I have played with Linux and BSD servers in the past, just want something simple that works. Perhaps time to dust off the Linux skills after all?
